Currently, there’s a war between Apple and the FBI over iPhone encryption, as the manufacturer refuses to comply with the court’s order because it wants to protect its users’ personal data. Apple’s obsession with encryption works to the advantage of its users, who feel safe when they share information with their friends. Now they’re even happier, because iOS 9.3 was released on Monday and it includes a patch that repairs a serious flaw in the iMessage encryption system.

In November, researchers at Johns Hopkins University revealed a possible attack and informed Apple about the problem. According to them, the attack took advantage of the way iMessage sends multimedia files and stores them in encrypted form on an Apple server, where the encrypted key is also stored; the key is required to decrypt these files and to allow the recipient to download them. After getting their hands on the encrypted message, the hackers could impersonate an Apple server and repeatedly send different versions of the encrypted file and the key for its decryption, each one with a portion of the message modified. The phone either accepted the form of the message or rejected it as invalid, which gave the hacker an idea of its content; after 130,000 attempts, he was able to obtain the entire key and decrypt the file.
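The accept/reject signal described above, as an added example that is not from the researchers or from Apple's code: a toy receiver that only checks the format of a decrypted file gives mixed verdicts to modified copies, while one that verifies a MAC before decrypting rejects every modified copy. The SHA-256 keystream cipher, the printable-ASCII format check and all function names are assumptions made for illustration, and this is not a description of Apple's actual patch.

```python
import hashlib
import hmac
import os

def keystream_xor(key, data):
    """Toy malleable stream cipher (constructed for this demo, not for real use)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def looks_valid(plaintext):
    """Hypothetical format check: the file must be printable ASCII."""
    return all(0x20 <= b < 0x7F for b in plaintext)

def legacy_receive(enc_key, blob):
    # Decrypts whatever arrives, so the verdict depends on the secret plaintext.
    return looks_valid(keystream_xor(enc_key, blob))

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the ciphertext.
    ct = keystream_xor(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def authenticated_receive(enc_key, mac_key, blob):
    # Verify the tag first; modified copies never reach the format check.
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    return looks_valid(keystream_xor(enc_key, ct))

def tamper_verdicts(receive, blob, n_bytes):
    """Flip each bit of the first n_bytes in turn; return (accepted, rejected)."""
    verdicts = []
    for i in range(n_bytes):
        for bit in range(8):
            copy = bytearray(blob)
            copy[i] ^= 1 << bit
            verdicts.append(receive(bytes(copy)))
    return verdicts.count(True), verdicts.count(False)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    sample = b"constructed sample attachment"  # constructed input
    legacy = lambda b: legacy_receive(enc_key, b)
    authed = lambda b: authenticated_receive(enc_key, mac_key, b)
    return (tamper_verdicts(legacy, keystream_xor(enc_key, sample), len(sample)),
            tamper_verdicts(authed, seal(enc_key, mac_key, sample), len(sample)))
```

`demo()` returns the (accepted, rejected) counts for each receiver: the format-only receiver shows a mix, and that mix is the information leak, while the MAC-checking receiver shows zero accepted copies.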

The flaw that allowed these attacks was fixed in the latest iOS 9.3 update, released on Monday, which brought a patch for the vulnerability in the iMessage encryption system. At the same time, Apple released another update for the desktop version of iMessage, which also fixes the flaw.

Users are advised to install the latest update; otherwise their iPhones and Macs will remain vulnerable, because the unpatched iMessage client has this flaw, which hackers can exploit to steal data once the encrypted files have been illegally decrypted with this technique. Older iPhones are even more vulnerable to attacks, especially because encrypted files can be obtained by hacking Apple’s servers or through a law enforcement request.